git.ipfire.org Git - thirdparty/pdns.git/log

dnsdist: Fix the documented return value of DNSHeader:getTC()

(cherry picked from commit dfd90e05d024dbc7c5a01975fc4e753cad03e77d)

dnsdist: Add a DNSHeader:getTC() Lua binding

(cherry picked from commit 2be955a17cd79d92dd5ab3975481c4a53c6369a1)

Merge pull request #13573 from romeroalx/rel/dnsdist-1.8.x-workflow-call

GH Actions - rel/dnsdist-1.8.x: make `build-and-test-all` and `builder` workflows reusable from other branches

make builder workflow reusable

make build-and-test-all reusable

test ubuntu jammy build target

builder: drop ubuntu kinetic, it is EOL

Merge pull request #13523 from rgacogne/ddist18-backoff

dnsdist-1.8.x: Refactor the exponential back-off timer code

dnsdist: Refactor the exponential back-off timer code

The existing code could overflow in some cases, leading to a
potentially endless busy-loop.

(cherry picked from commit d629f5b02ee6de8bf94592980472337fdbf301ad)

Merge pull request #13356 from Habbie/backport-13355-to-dnsdist-1.8.x

dnsdist 1.8 Docker: enable h2o again, using our fork

dnsdist Docker: enable h2o again, using our fork

(cherry picked from commit de02bfc15ca0b17bb082bcffd0882ec03257ce57)

Merge pull request #13349 from rgacogne/ddist18-powerdns-h2o-h2-rapid-reset

dnsdist-1.8x: Switch to our fork of h2o to mitigate http2 rapid reset

builder-support: Use curl's "fail fast with no output at all on server errors" option

(cherry picked from commit 97d18cb451fcac78816604556629278c9ca49d3c)

dnsdist: Switch to our fork of h2o to mitigate http2 rapid reset

(cherry picked from commit 115db75920b73f07c356308df1b83ba296850e2a)

Merge pull request #13184 from rgacogne/ddist18-backport-package-building-workflow

dnsdist-1.8.x: Backport the workflow to build packages from tags

Fix 'check if hashes were created for all requested targets'

fix the provenance generation

dnsdist-1.8.x: Backport the workflow to build packages from tags

Merge pull request #13178 from rgacogne/ddist18-tcpiohandler-fix-conn-index-race

dnsdist-1.8.x: TCPIOHandler: Fix a race when creating the first TLS connections

TCPIOHandler: Fix a race when creating the first TLS connections

We used to get a index from OpenSSL when the first incoming or
outgoing TLS connection was created. That index is later used
to store application-related data along the TLS connection, to
be able to access it in callbacks called from inside the OpenSSL
library.
Unfortunately the atomic flag construction used was racy: if a second
connection is created while the first one is still getting the index,
it could be reading the initial value (-1) instead of the actual index,
which might prevent the callback from working properly because they
cannot retrieve the necessary data. The good news is that this should
not have a serious impact: a TLS session might not be properly resumed
while it should have been, leading to a full TLS session negotiation.
This commit fixes the race by using a full mutex and only releasing
it once the value has been computed. In order to avoid a performance
penalty, the index is now computed when a TLS connection _context_
is created, instead of a TLS connection. TLS contexts should be
reused for a large number of connections, and mostly created during
startup or in the first few seconds of the application.

The race was reported by Thread Sanitizer during the
`test_TLS.py::TestTLSFrontendLimits::testTCPConnsPerTLSFrontend`
regression test as:
```
WARNING: ThreadSanitizer: data race (pid=120466)
  Read of size 4 at 0x55a12bf3d758 by thread T4:
    #0 OpenSSLTLSConnection::OpenSSLTLSConnection(int, timeval const&, std::shared_ptr<OpenSSLFrontendContext>) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:106 (dnsdist+0x97ece8) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #1 std::__detail::_MakeUniq<OpenSSLTLSConnection>::__single_object std::make_unique<OpenSSLTLSConnection, int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&>(int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x97eff6) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #2 OpenSSLTLSIOCtx::getConnection(int, timeval const&, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:797 (dnsdist+0x97eff6)
    #3 TCPIOHandler::TCPIOHandler(int, timeval const&, std::shared_ptr<TLSCtx>, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.hh:246 (dnsdist+0x88c24f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 IncomingTCPConnectionState::IncomingTCPConnectionState(ConnectionInfo&&, TCPClientThreadData&, timeval const&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp-upstream.hh:29 (dnsdist+0x88c24f)
    #5 void std::_Construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/stl_construct.h:119 (dnsdist+0x878b1e) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 void std::allocator_traits<std::allocator<void> >::construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>&, IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/alloc_traits.h:660 (dnsdist+0x878b1e)
    #7 std::_Sp_counted_ptr_inplace<IncomingTCPConnectionState, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:604 (dnsdist+0x878b1e)
    #8 std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<IncomingTCPConnectionState, std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:971 (dnsdist+0x878b1e)
    #9 std::__shared_ptr<IncomingTCPConnectionState, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:1712 (dnsdist+0x878b1e)
    #10 std::shared_ptr<IncomingTCPConnectionState>::shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:464 (dnsdist+0x878b1e)
    #11 std::shared_ptr<std::enable_if<!std::is_array<IncomingTCPConnectionState>::value, IncomingTCPConnectionState>::type> std::make_shared<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:1010 (dnsdist+0x878b1e)
    #12 handleIncomingTCPQuery /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1118 (dnsdist+0x878b1e)
    #13 void std::__invoke_impl<void, void (*&)(int, boost::any&), int, boost::any&>(std::__invoke_other, void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x32d951) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #14 std::enable_if<is_invocable_r_v<void, void (*&)(int, boost::any&), int, boost::any&>, void>::type std::__invoke_r<void, void (*&)(int, boost::any&), int, boost::any&>(void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:111 (dnsdist+0x32d951)
    #15 std::_Function_handler<void (int, boost::any&), void (*)(int, boost::any&)>::_M_invoke(std::_Any_data const&, int&&, boost::any&) /usr/include/c++/13.2.1/bits/std_function.h:290 (dnsdist+0x32d951)
    #16 std::function<void (int, boost::any&)>::operator()(int, boost::any&) const /usr/include/c++/13.2.1/bits/std_function.h:591 (dnsdist+0x98fc0f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #17 EpollFDMultiplexer::run(timeval*, int) /work/pdns/pdns/dnsdistdist/epollmplexer.cc:190 (dnsdist+0x98fc0f)
    #18 tcpClientThread /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1251 (dnsdist+0x86cb7f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #19 void std::__invoke_impl<void, void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(std::__invoke_other, void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x87aab1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #20 std::__invoke_result<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >::type std::__invoke<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:96 (dnsdist+0x87aab1)
    #21 void std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/13.2.1/bits/std_thread.h:292 (dnsdist+0x87aab1)
    #22 std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::operator()() /usr/include/c++/13.2.1/bits/std_thread.h:299 (dnsdist+0x87aab1)
    #23 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > > >::_M_run() /usr/include/c++/13.2.1/bits/std_thread.h:244 (dnsdist+0x87aab1)
    #24 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104 (libstdc++.so.6+0xe1942) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)

  Previous write of size 4 at 0x55a12bf3d758 by thread T3:
    #0 OpenSSLTLSConnection::OpenSSLTLSConnection(int, timeval const&, std::shared_ptr<OpenSSLFrontendContext>) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:88 (dnsdist+0x97ed98) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #1 std::__detail::_MakeUniq<OpenSSLTLSConnection>::__single_object std::make_unique<OpenSSLTLSConnection, int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&>(int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x97eff6) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #2 OpenSSLTLSIOCtx::getConnection(int, timeval const&, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:797 (dnsdist+0x97eff6)
    #3 TCPIOHandler::TCPIOHandler(int, timeval const&, std::shared_ptr<TLSCtx>, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.hh:246 (dnsdist+0x88c24f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 IncomingTCPConnectionState::IncomingTCPConnectionState(ConnectionInfo&&, TCPClientThreadData&, timeval const&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp-upstream.hh:29 (dnsdist+0x88c24f)
    #5 void std::_Construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/stl_construct.h:119 (dnsdist+0x878b1e) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 void std::allocator_traits<std::allocator<void> >::construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>&, IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/alloc_traits.h:660 (dnsdist+0x878b1e)
    #7 std::_Sp_counted_ptr_inplace<IncomingTCPConnectionState, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:604 (dnsdist+0x878b1e)
    #8 std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<IncomingTCPConnectionState, std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:971 (dnsdist+0x878b1e)
    #9 std::__shared_ptr<IncomingTCPConnectionState, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:1712 (dnsdist+0x878b1e)
    #10 std::shared_ptr<IncomingTCPConnectionState>::shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:464 (dnsdist+0x878b1e)
    #11 std::shared_ptr<std::enable_if<!std::is_array<IncomingTCPConnectionState>::value, IncomingTCPConnectionState>::type> std::make_shared<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:1010 (dnsdist+0x878b1e)
    #12 handleIncomingTCPQuery /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1118 (dnsdist+0x878b1e)
    #13 void std::__invoke_impl<void, void (*&)(int, boost::any&), int, boost::any&>(std::__invoke_other, void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x32d951) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #14 std::enable_if<is_invocable_r_v<void, void (*&)(int, boost::any&), int, boost::any&>, void>::type std::__invoke_r<void, void (*&)(int, boost::any&), int, boost::any&>(void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:111 (dnsdist+0x32d951)
    #15 std::_Function_handler<void (int, boost::any&), void (*)(int, boost::any&)>::_M_invoke(std::_Any_data const&, int&&, boost::any&) /usr/include/c++/13.2.1/bits/std_function.h:290 (dnsdist+0x32d951)
    #16 std::function<void (int, boost::any&)>::operator()(int, boost::any&) const /usr/include/c++/13.2.1/bits/std_function.h:591 (dnsdist+0x98fc0f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #17 EpollFDMultiplexer::run(timeval*, int) /work/pdns/pdns/dnsdistdist/epollmplexer.cc:190 (dnsdist+0x98fc0f)
    #18 tcpClientThread /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1251 (dnsdist+0x86cb7f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #19 void std::__invoke_impl<void, void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(std::__invoke_other, void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x87aab1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #20 std::__invoke_result<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >::type std::__invoke<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:96 (dnsdist+0x87aab1)
    #21 void std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/13.2.1/bits/std_thread.h:292 (dnsdist+0x87aab1)
    #22 std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::operator()() /usr/include/c++/13.2.1/bits/std_thread.h:299 (dnsdist+0x87aab1)
    #23 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > > >::_M_run() /usr/include/c++/13.2.1/bits/std_thread.h:244 (dnsdist+0x87aab1)
    #24 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104 (libstdc++.so.6+0xe1942) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)

  Location is global 'OpenSSLTLSConnection::s_tlsConnIndex' of size 4 at 0x55a12bf3d758 (dnsdist+0xc49758)

  Thread T4 'dnsdist/tcpClie' (tid=120471, running) created by main thread at:
    #0 pthread_create /usr/src/debug/gcc/gcc/libsanitizer/tsan/tsan_interceptors_posix.cpp:1036 (libtsan.so.2+0x44219) (BuildId: 7e8fcb9ed0a63b98f2293e37c92ac955413efd9e)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 (libstdc++.so.6+0xe1a29) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172 (libstdc++.so.6+0xe1a29)
    #3 TCPClientCollection::addTCPClientThread(std::vector<ClientState*, std::allocator<ClientState*> >&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:149 (dnsdist+0x8685a1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 TCPClientCollection::TCPClientCollection(unsigned long, std::vector<ClientState*, std::allocator<ClientState*> >) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:126 (dnsdist+0x868912) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #5 std::__detail::_MakeUniq<TCPClientCollection>::__single_object std::make_unique<TCPClientCollection, unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> > >(unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x20adef) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 main /work/pdns/pdns/dnsdistdist/dnsdist.cc:2865 (dnsdist+0x20adef)

  Thread T3 'dnsdist/tcpClie' (tid=120470, running) created by main thread at:
    #0 pthread_create /usr/src/debug/gcc/gcc/libsanitizer/tsan/tsan_interceptors_posix.cpp:1036 (libtsan.so.2+0x44219) (BuildId: 7e8fcb9ed0a63b98f2293e37c92ac955413efd9e)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 (libstdc++.so.6+0xe1a29) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172 (libstdc++.so.6+0xe1a29)
    #3 TCPClientCollection::addTCPClientThread(std::vector<ClientState*, std::allocator<ClientState*> >&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:149 (dnsdist+0x8685a1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 TCPClientCollection::TCPClientCollection(unsigned long, std::vector<ClientState*, std::allocator<ClientState*> >) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:126 (dnsdist+0x868912) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #5 std::__detail::_MakeUniq<TCPClientCollection>::__single_object std::make_unique<TCPClientCollection, unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> > >(unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x20adef) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 main /work/pdns/pdns/dnsdistdist/dnsdist.cc:2865 (dnsdist+0x20adef)

SUMMARY: ThreadSanitizer: data race /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:106 in OpenSSLTLSConnection::OpenSSLTLSConnection(int, timeval const&, std::shared_ptr<OpenSSLFrontendContext>)
```

(cherry picked from commit b56f05b6d81d64cc11f389e2b08d070c1b912ce7)

Merge pull request #13122 from rgacogne/ddist18-auto-include-ffi-inspection

dnsdist-1.8.x: Automatically load Lua FFI inspection functions

dnsdist: add dnsdist-lua-inspection-ffi.h to dist tarballs

(cherry picked from commit 46de63a6feb237e39b444c80ba82b57c4635ae52)

Merge pull request #13123 from rgacogne/ddist18-declare-custom-metrics-at-runtime

dnsdist-1.8.x: Allow declaring custom metrics at runtime

Merge pull request #13118 from rgacogne/ddist18-fix-dnsdistconf-grp-rpm

dnsdist-1.8.x: Fix the group of the dnsdist.conf file when installed via RPM

Merge pull request #13133 from rgacogne/ddist18-tsig-qtype

dnsdist-1.8.x: Make DNSQType.TSIG available in dnsdist

Merge pull request #13116 from rgacogne/ddist18-discovery-short-read

dnsdist-1.8.x: Properly handle short reads on backend upgrade discovery

Merge pull request #13132 from rgacogne/ddist18-12801-SpoofAction

dnsdist-1.8x: SpoofAction: copy the QClass from the request

Merge pull request #13131 from rgacogne/ddist18-fix-pool-cache-metrics

dnsdist-1.8.x: Fix cache hit and miss metrics with DoH queries

Merge pull request #13130 from rgacogne/ddist18-ossl3-ticket-leak

dnsdist-1.8.x: Fix a memory leak when processing TLS tickets w/ OpenSSL 3.x

Merge pull request #13129 from rgacogne/ddist18-wait-reconnect

dnsdist-1.8.x: Properly handle reconnection failure for backend UDP sockets

Merge pull request #13128 from rgacogne/ddist18-12840-fix-console-desc

dnsdist-1.8.x: Fix the console description of PoolAction and QPSPoolAction

Merge pull request #13127 from rgacogne/ddist18-yahttp-fuzz-overflow

dnsdist-1.8.x: YaHTTP: Prevent integer overflow on very large chunks

Merge pull request #13126 from rgacogne/ddist18-async-test-racy

dnsdist-1.8.x: Remove a racy test in the AsynchronousHolder unit tests

Merge pull request #13125 from rgacogne/ddist18-increment-dyn-blocked-ebpf

dnsdist-1.8.x: Increment the "dyn blocked" counter for eBPF blocks as well

Merge pull request #13124 from rgacogne/ddist18-12916-docker-webserver

dnsdist-1.8.x: Fix webserver config template for our docker container

Merge pull request #13121 from rgacogne/ddist18-fix-crypto-detection-deprecated

dnsdist-1.8.x: Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL

Merge pull request #13120 from rgacogne/ddist18-libeditr

dnsdist-1.8.x: fix typo libeditr -> libedit

Merge pull request #13119 from rgacogne/ddist18-doing-red-hat-job-myself

dnsdist-1.8.x: Work around Red Hat 8 pooping the bed in OpenSSL's headers

Merge pull request #13117 from rgacogne/ddist18-12738-disableZeroScope

dnsdist-1.8.x: Undo an accidentally change of disableZeroScope to disableZeroScoping

dnsdist: Remove a second useless check, useless static casts

(cherry picked from commit 6f0a2aec1d935a59f71ac8dfb6b8c174726071c2)

coverity CID 398388: useless <0 check on unsigned value

(cherry picked from commit d86200ac489e08be1831b524d2268b2a1b0f222f)

Merge pull request #13150 from rgacogne/ddist18-fix-frontend-metrics-recvmmsg

dnsdist-1.8.x: Properly record self-answered UDP responses with recvmmsg

dnsdist: Properly record self-answered UDP responses with recvmmsg

Responses sent directly from dnsdist, without reaching out to a backend
(self-generated and cache hits answers, mostly) where not properly
accounted for in frontend metrics, ring buffer entries and latency
computation when recvmmsg/sendmmsg support was enabled via
`setUDPMultipleMessagesVectorSize()`.

(cherry picked from commit 3692220de3633434cb88556132cbb77255440ce3)

auth: Simplify the SQL upgrade condition

(cherry picked from commit bc90e72e012c633f04a2fa52e3f852359aee8a79)

Clarify which types are supported, implemented, meta, etc

(cherry picked from commit 2e63e431478aa4ffbc59b1e821ad755f2b12db9c)

Make DNSQType.TSIG available in dnsdist

(cherry picked from commit f38196e3bc40e3cc2ca67dc9cafa8c611d012978)

fix #12801 + regression test

(cherry picked from commit 6bb404b627442d64b829edcffcc9f5fbc4987eb4)

dnsdist: Fix a boolean nit as suggested by Otto

(cherry picked from commit 2c9b6e8915304b24996e9382ba1e8a36713b5da4)

dnsdist: Fix cache hit and miss metrics with DoH queries

Since we do two lookups for DoH queries forwarded over UDP (first
TCP then UDP), we need to be careful to only record a cache miss
in our last attempt.

(cherry picked from commit bc4d98b7cb2ecad488560d1dbef156708a1166af)

libssl: Fix a memory leak when processing TLS tickets w/ OpenSSL 3.x

(cherry picked from commit 0a18d0349145ae0c49b6dfef0be58bde925c4806)

dnsdist: Add a TSAN suppression for the backend re-connection code

(cherry picked from commit 0d199b6529f5c410d6014bf3058c717b57625553)

dnsdist: check that the UDP responder thread is running after reconnecting

(cherry picked from commit bb1ace1fedca0f6bdd2a962514cd5a6491f3c703)

dnsdist: Only log failed backend connection attempt at info on first try

(cherry picked from commit 3de50c36895bc12a8555066f376e70320166c73e)

dnsdist: Properly handle reconnection failure for backend UDP sockets

We try to reconnect our UDP sockets toward backends on some kind of
network errors that indicate a topology change, but we need to be
careful to handle the case where we actually fail to reconnect, as
we end up with no remaining sockets to use.
This commit properly deals with this case by pausing the thread handling
UDP responses from the backend, instead of having it enter a busy loop,
and by attempting to reconnect if we get a `bad file number` error when
trying to send a UDP datagram to the backend.

(cherry picked from commit 541b8df1fc0773549a76c8de13fb1123baba8bda)

Update dnsdist-console.cc

(cherry picked from commit 6f1bb66b685ea467e94d6b06f443186e0dd80afd)

YaHTTP: Prevent integer overflow on very large chunks

If the chunk_size is very close to the maximum value of an integer,
we trigger an integer overflow when checking if we have a trailing
newline after the payload.
Reported by OSS-Fuzz as:
https://oss-fuzz.com/testcase-detail/6439610474692608
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56804

(cherry picked from commit b602982fc5b4fb9139dec591541e0c070ceb47f5)

dnsdist: Remove a racy test in the AsynchronousHolder unit tests

We are adding an expired event so the worker thread of the
AsynchronousHolder can pick it up immediately, even before we come
back from the call to push(), which leads to a racy test.
This was observed on GitHub Actions when running with TSAN:
```
FAIL: testrunner
================

Running 170 test cases...
test-dnsdistasync.cc(156): error: in "test_dnsdistasync/test_AddingExpiredEvent": check !holder->empty() has failed

*** 1 failure is detected in the test module "unit"
FAIL testrunner (exit status: 201)
```

(cherry picked from commit 35bbac75efbd4fb8a9523ab3974bea5507484f65)

dnsdist: Increment the "dyn blocked" counter for eBPF blocks as well

Regular, userspace blocks increment the "dyn blocked" counter for every
dropped query. The eBPF blocks are executed in kernelspace and thus do
not increment that counter at all, which makes it challenging for
reporting to do its job. On the other hand we want our eBPF code to
be as efficient as possible since it is used when performance really
matters.
This commit updates the counter when a eBPF dynamic block is removed,
which is a compromise between the performance impact and a slight
reporting delay.

(cherry picked from commit e59686d645ff5d1652f2fdef109fff5d98d70ea2)

dnsdist: Fix indentation in dnsdist-metrics.{cc,hh}

Update dockerdata/startup.py

Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit b9e82a462fae4cf5979de3e13c68a9af2ca169c8)

fixed the webserver config line?

(cherry picked from commit fa8766c59d2cdf05d86c2dd2ea21018524b35609)

dnsdist: Fix the initial value of the custom gauge in our tests

Thanks Otto!

(cherry picked from commit 55361195cb8d1f6c4a6e32e2504996bec67a23b4)

dnsdist: Implement a FFI method to declare a new custom metric

(cherry picked from commit 67cbba12a6e203d17f1286421d8acfc1b13559d1)

dnsdist: Allow declaring custom metrics at runtime

Also fixes a bug in the prometheus HELP and TYPE messages for custom
metrics with labels, and adds a method to increment a counter by more
than one.

(cherry picked from commit 54c1bc22f3ae1af76253efa7ba859601d6d6c45e)

dnsdist: Automatically load Lua FFI inspection functions

We used to do that for all Lua FFI functions except the ones used
for inspecting StatNode objects.

(cherry picked from commit b4fbe20d867d6f97f282f6e17d71e7e0a1346659)

Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL

And move to BN_new() instead, which has been present since at least
0.9.6 and is still in 3.1.

(cherry picked from commit 9fcef4932c9323b085984f8a087045fef70103f5)

dnsdist: fix typo

(cherry picked from commit d9b4683e38076cbf8a2bcd79ebf1f7c5da88ac00)

Work around Red Hat 8 pooping the bed in OpenSSL's headers

The openssl/kdf.h header on EL8 is invalid because someone backported
a work-in-progress feature to an older OpenSSL branch and did not
bother to backport the fixes that were added later.

Red Hat declined to fix their mess and helpfully suggested we do the
work instead in https://bugzilla.redhat.com/show_bug.cgi?id=2215856

(cherry picked from commit 3dabf2d4a1a478fb00a232259e8043f075eb4d03)

dnsdist: Fix the group of the dnsdist.conf file when installed via RPM

I _hope_ the `%attr` directive does the right thing, based on
http://ftp.rpm.org/max-rpm/s1-rpm-anywhere-specifying-file-attributes.html
I'm using this directive instead of calling `chgrp` in `%post` because
I'm told using `chgrp` would make `verify` complain about the ownership later.

(cherry picked from commit 32c478585461060b993a414e074daea47de94b80)

Undo an accidentally change

'disableZeroScope' was accidentally changed to 'disableZeroScoping' in commit 597a91a3cec373ebd4172d167a0f9c7500781027

(cherry picked from commit d85c923f52d1e2140f3ecf5467b513c7b54a856e)

dnsdist: Uglify the code to make the formatter happy

(cherry picked from commit 514e10c770c96be6bd39eb79c75ab0dc9d3a94d8)

dnsdist: Add a 'partial read' case to the backend upgrade tests

(cherry picked from commit e572dbf5b545924785207ff6c6c95f441668a3f1)

sstuff: Document that Socket::readWithTimeout() does not handle partial reads

(cherry picked from commit 9c3ff201bc70cc426170e23a7b99a14a4405c896)

dnsdist: Properly handle short reads on backend upgrade discovery

(cherry picked from commit 1769de1da569cacf5b4c1c1b68198e42cea3e7de)

Merge pull request #12977 from rgacogne/ddist18-fix-doh-xforwardedfor-maxtcpconnperclient

dnsdist-1.8.x: Fix a crash when X-Forwarded-For overrides the initial source IP

dnsdist: Fix a crash when X-Forwarded-For overrides the initial source IP

When both the processing of X-Forwarded-For DNS-over-https headers
(`trustForwardedForHeader=true`) and a maximum number of concurrent
TCP connections per client (`setMaxTCPConnectionsPerClient()`) are
enabled, dnsdist could crash because of an uncaught exception:
```
dnsdist[X]: terminate called after throwing an instance of 'std::runtime_error'
dnsdist[X]: what(): DOH thread failed to launch: map::at
```
This was caused by the TCP connection being first accounted for with the
initial source IP (from the upstream HTTP proxy) but later released using
the IP extracted from the X-Forwarded-For header, leading to an unexpected
failure to locate the corresponding entry in the map.

We might not actually want to enforce the maximum number of concurrent
TCP connections per client when X-Forwarded-For processing is enabled,
though, because we usually want to rate limit the actual client and
not the HTTP proxy, but X-Forwarded-For being set per HTTP query, instead
of per-connection, makes that pretty much impossible at our level since
the same connection from the HTTP proxy can be reused for several clients.
The proxy protocol would be a better option to enforce that limit.

(cherry picked from commit 9b703b51ca25838eeec19449a1c49cb926aef52a)

Merge pull request #12824 from rgacogne/ddist18-12819

dnsdist-1.8.x: Stop setting SO_REUSEADDR on outgoing UDP client sockets

Merge pull request #12823 from rgacogne/ddist18-12811

dnsdist-1.8.x: Add the query ID to health-check log messages, fix nits

Merge pull request #12822 from rgacogne/ddist18-12802

dnsdist-1.8.x: Properly set the size of the UDP health-check response

Merge pull request #12821 from rgacogne/ddist18-12804

dnsdist-1.8.x: Account for the health-check run time between two runs

Merge pull request #12820 from rgacogne/ddist18-12800

dnsdist-1.8.x: Print the received, invalid health-check response ID

dnsdist: Really disable REUSEADDR on outgoing UDP client sockets

It turns out that our `Socket::bind()` will _helpfully_ enable this
by default.

(cherry picked from commit 20f67fee9447069d4586a41254468ac060b2d65e)

dnsdist: Stop setting SO_REUSEADDR on outgoing UDP client sockets

`SO_REUSEADDR` is useful on TCP server sockets to allow binding quickly
after restarting the process without waiting `TIME_WAIT` seconds, or
to allow some port reuse on BSD. It also allows reusing a port more
quickly for TCP client sockets.
For UDP sockets, however, Linux allows two sockets to be bound to the
same address and port, and will distribute all packets to the most
recent socket, which is very unexpected, to say the least.

(cherry picked from commit b33f09f1989e938c503142a38c556df94254443a)

dnsdist: Add the query ID to health-check log messages, fix nits

(cherry picked from commit 385fca46ffe3a6f84806aab67d47c8b80ebac26c)

dnsdist: Properly set the size of the UDP health-check response

We forgot to resize the response buffer to what we actually got,
so the initial buffer size (512) was mistakenly used later on.
Technically this should not be an issue as the buffer is large
enough, but that prevents us from reporting that the response
was broken if it not large enough for a DNS header, for example.

(cherry picked from commit 6a04912e36e32104434d2b1b0625a0de0e0c002d)

dnsdist: Account for the health-check run time between two runs

We used to wait one full second between every run, which only makes
sense if the runs are not taking a long time. But as soon as we have
at least one check timing out, the run is taking roughly the time
of the longest timeout configured, so after this commit we:
- do not wait at all if the last run took more than a full second
- wait one second minus the elapsed time of the last run otherwise

(cherry picked from commit 5b48dd1425dabbba7ab6758fe3ccf2b1410faef7)

dnsdist: Print the received, invalid health-check response ID

(cherry picked from commit bf22f0fdc1b9fe5f5d4e1d96333751542c432fe6)

Merge pull request #12795 from rgacogne/ddist18-only-ddist-ci

dnsdist-1.8.x: Remove the workflows that are not relevant to dnsdist 1.8.x

Pin pyasn1 to 0.4.8 because 0.5.0 broke the API with 0.5.0

https://github.com/pyasn1/pyasn1/issues/28

On 20230420: https://pypi.org/project/pyasn1/#history

(cherry picked from commit 7d6cbd0823d2ebdede600dc034d852ba2c5f39c6)

dnsdist-1.8.x: Remove the workflows that are not relevant to dnsdist 1.8.x

Merge pull request #12682 from rgacogne/ddist-ci-wait-for

dnsdist: Wait until dnsdist is listening on the requested port in the tests

Merge pull request #12688 from omoerbeek/rec-bound-invariant

rec: re-establish "recursion depth is always increasing" invariant

ALso derive alias recursion bound from s_maxdepth.

This should be revisited, as it looks like the check
in doCNAMECacheCheck() overrides the less strick check in
doResolveNoQNameMinimization().

dnsdist: Don't test the web server port before the concurrent conns check

rec: re-establish "recursion depth is always increasing" invariant

Now that we have getQMFallbackMode(), we can go back to always increase depth
and never decrease it and adapt the upper bound check if needed.

This should prevent a re-occurence of a bug similar to PowerDNS Security Advisory 2023-01.

Merge pull request #12687 from rgacogne/ddist-rule-params

dnsdist: Fix 'Unknown key' issue for actions and rules parameters

Merge pull request #12684 from Habbie/amazon-linux-2023

builder: add amazon-2023 target

dnsdist: Fix 'Unknown key' issue for actions and rules parameters

The parameters were properly parsed but not marked as consumed,
leading to warnings such as:
```
addAction: Unknown key 'name' given - ignored
```

builder: add amazon-2023 target

Merge pull request #12668 from aerique/feature/add-auth-48-to-repo-script

Add auth-48 to repo test script.